配置 BGP AS_PATH属性
一、实验目的
用BGP命令防止石油自治系统号宣告给外部世界,利用AS_PATH属性,根据源自治系统号过滤BGP路由.
二、 拓扑结构图
三、 实验步骤
1.
基本接口地址配置(略)
2.
配置bgp协议
isp2(config-if)#router bgp 300
isp2(config-router)#neigh 192.168.1.5 remote-as 100
isp2(config-router)#neigh 172.24.1.18 remote-as 65000
isp2(config-router)#net 202.2.2.0
sanjsoe2(config-if)#router bgp 100
sanjsoe2(config-router)#neigh 192.168.1.6 remote-as 100
sanjsoe2(config-router)#net 201.1.1.0
cusrtr(config-if)#router bgp 65000
cusrtr(config-router)#neigh 172.24.1.17 remote-as 300
cusrtr(config-router)#net 203.3.3.0
sanjsoe2#show ip rou
C 201.1.1.0/24 is directly connected, Loopback0
B 202.2.2.0/24 [20/0] via 192.168.1.6, 00:05:20
B 203.3.3.0/24 [20/0] via 192.168.1.6, 00:05:20
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.4 is directly connected, Serial0/0
sanjsoe2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 201.1.1.0 0.0.0 .0 0 32768 i
*> 202.2.2.0 192.168.1.6 0 0 300 i
*> 203.3.3.0 192.168.1.6 0 300 65000 i
3.
在isp2上剥离cusrtr不然私有的as的bgp报文传递过来
isp2#route bgp 300
^
% Invalid input detected at '^' marker.
isp2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
isp2(config)#router bgp 300
isp2(config-router)#nei 192.168.1.5 remove-private-as
isp2(config-router)#do clear ip bgp *
sanjsoe2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 201.1.1.0 0.0.0 .0 0 32768 i
*> 202.2.2.0 192.168.1.6 0 0 300 i
*> 203.3.3.0 192.168.1.6 0 300 I
网络路径发生改变,AS_PATH属性只有as300
4.
配置路由策略是sanjose2的路由不会传到as65000的as中
isp2(config)#ip as-path access-list 1 deny ^100$
isp2(config)#ip as-path access-list 1 permit .*
isp2(config)#router bgp 300
isp2(config-router)#neigh 172.24.1.18 filter-list 1 out
cusrtr#show ip route
B 202.2.2.0/24 [20/0] via 172.24.1.17, 00:09:32
C 203.3.3.0/24 is directly connected, Loopback0
172.24.0.0/30 is subnetted, 1 subnets
C 172.24.1.16 is directly connected, Serial0/0
没有201.1.1.0的路由
isp2#show ip bgp regexp ^100$
Network Next Hop Metric LocPrf Weight Path
*> 201.1.1.0 192.168.1.5 0 0 100 i